Closed Bug 1582827 Opened 5 years ago Closed 5 years ago

[lando-ui] Sanitize new commit messages when requesting sec-approval

Categories

(Conduit :: Lando, task, P2)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: mars, Assigned: mars)

References

(Blocks 1 open bug)

Details

(Keywords: conduit-triaged)

Commit messages being submitted to Lando for sec-approval need to be properly sanitized to prevent an XSS attack.

Assignee: nobody → mars
Status: NEW → ASSIGNED
Keywords: conduit-triaged
Priority: -- → P2

glob says that Phabricator does output sanitization. The commit messages submitted via lando-ui ultimately show up in Phabricator and Lando, both of which escape the HTML before displaying it. We don't need to sanitize the submitted commit messages.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
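
The resolution above rests on escaping at display time rather than rewriting the stored message. The sketch below is an added example, not Lando or Phabricator code: it uses Python's `html.escape` as a stand-in for their template escaping, and the function names and sample commit messages are constructed for illustration.

```python
import html
import re

# Constructed sample commit messages (not taken from the bug).
SAMPLES = [
    "Bug 0000000 - Fix <select> focus handling when a < b && c > d. r=reviewer",
    'Bug 0000000 - Update docs <img src=x onerror="alert(1)">',
]

PREFIX = '<pre class="commit-message">'
SUFFIX = "</pre>"


def strip_tags_on_input(message: str) -> str:
    """Input 'sanitization': delete anything tag-shaped before storing.

    Shown for contrast: it silently destroys legitimate commit text.
    """
    return re.sub(r"<[^>]*>", "", message)


def render_commit_message(message: str) -> str:
    """Output escaping: keep the stored message verbatim and encode it
    for the HTML sink at the moment it is displayed."""
    return PREFIX + html.escape(message, quote=True) + SUFFIX


def contains_live_markup(fragment: str) -> bool:
    """True if the rendered body still holds a raw angle bracket that a
    browser could parse as the start or end of a tag."""
    body = fragment[len(PREFIX):-len(SUFFIX)]
    return "<" in body or ">" in body


def displayed_text(fragment: str) -> str:
    """What the reader sees once the browser decodes the entities."""
    return html.unescape(fragment[len(PREFIX):-len(SUFFIX)])


if __name__ == "__main__":
    for msg in SAMPLES:
        rendered = render_commit_message(msg)
        print("stored   :", msg)
        print("rendered :", rendered)
        print("live tag :", contains_live_markup(rendered))
        print("stripped :", strip_tags_on_input(msg))
        print()
```

Escaping at the sink leaves the stored commit message byte-for-byte intact, while the tag-stripping variant changes what the author wrote.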